KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community!
The forum is divided into four main topics or categories:
Social Engineering,Ransomware,Phishing andSecurity Awareness Training.
You are invited to be one of the first to join us at:
https://discuss.hackbusters.com.

LinkedIn certificate blunder leaves users LockedOut!

Many LinkedIn users were unable to access the professional networking website today after its administrators failed to renew a TLS certificate before it expired.

The certificate in question was used by various country-specific LinkedIn websites such as https://uk.linkedin.com and https://de.linkedin.com. It expired at midday today, immediately preventing users from accessing the site via these hostnames.

The expired certificate was issued to us.linkedin.com, but was also valid for – and used by – dozens of other country-specific LinkedIn hostnames. The main site at www.linkedin.com was not affected.

The sites were still inaccessible a few hours after the problem manifested itself.

Ironically, LinkedIn's better-than-average security made the expired certificate even more problematic. Most browsers will allow users to ignore certificate validation warnings — however unwise that may be — but the warnings cannot be ignored on these LinkedIn sites.